Critical source files have at least one corresponding test

Why it matters

Auth, payment, billing, and webhook handlers are the highest-risk code in any commercial application — bugs there cause account takeovers, double-charges, missed payments, and data exposure. CWE-1059 (Insufficient Documentation) and ISO-25010:2011 testability both flag untested critical paths as systemic risk. An AI agent generating a Stripe checkout route or a JWT auth handler without writing a corresponding test file leaves the most consequential code in the project completely unverified. A single refactor in lib/billing.ts with no test coverage can silently break revenue collection.

Remediation

Create a test file for every file under lib/auth*, lib/payment*, lib/billing*, app/api/auth/, app/api/checkout/, and app/api/webhooks/. The test doesn't need to be exhaustive — one covering the happy path is enough to break the pattern:

// tests/billing.test.ts
import { calculateInvoice } from '@/lib/billing'

describe('calculateInvoice', () => {
  it('applies tax to line item total', () => {
    const result = calculateInvoice([{ price: 100, qty: 2 }], 0.1)
    expect(result.subtotal).toBe(200)
    expect(result.tax).toBe(20)
    expect(result.total).toBe(220)
  })

  it('returns zero total for empty items', () => {
    const result = calculateInvoice([], 0.1)
    expect(result.total).toBe(0)
  })
})

Detection

ID: ai-slop-test-theater.coverage-reality.critical-paths-have-tests
Severity: critical
What to look for: Walk source files for critical paths: any file under lib/auth*, lib/payment*, lib/billing*, lib/stripe*, lib/checkout*, app/api/auth/, app/api/checkout/, app/api/payments/, app/api/billing/, app/api/webhooks/stripe/, app/api/webhooks/clerk/. Count all critical source files. For each, verify a corresponding test file exists (same basename + .test.ts/.spec.ts, OR a file under __tests__/ referencing the source file by import path, OR an E2E test under tests/e2e/ or e2e/ that imports/references the file or its route).
Pass criteria: 100% of critical source files have at least 1 corresponding test reference. Report: "X critical source files inspected, Y with tests, 0 untested."
Fail criteria: At least 1 critical source file has no test reference.
Skip (N/A) when: Project has 0 critical source files (no auth/payment/webhook files detected).
Cross-reference: For deeper code coverage analysis, the Code Quality Essentials audit (code-quality-essentials) covers test-presence and coverage thresholds.
Detail on fail: "2 untested critical files: src/lib/billing.ts (no tests/billing.test.ts, no __tests__/billing.test.ts), src/app/api/checkout/route.ts (no test reference)"

Remediation: Untested critical paths means a small refactor can silently break payments. Add at least 1 test per critical file:

// tests/billing.test.ts
import { calculateInvoice } from '@/lib/billing'

describe('calculateInvoice', () => {
  it('sums line items with tax', () => {
    const invoice = calculateInvoice([{ price: 100, qty: 2 }], 0.1)
    expect(invoice.subtotal).toBe(200)
    expect(invoice.tax).toBe(20)
    expect(invoice.total).toBe(220)
  })
})

Why it matters

Remediation

// tests/billing.test.ts
import { calculateInvoice } from '@/lib/billing'

describe('calculateInvoice', () => {
  it('applies tax to line item total', () => {
    const result = calculateInvoice([{ price: 100, qty: 2 }], 0.1)
    expect(result.subtotal).toBe(200)
    expect(result.tax).toBe(20)
    expect(result.total).toBe(220)
  })

  it('returns zero total for empty items', () => {
    const result = calculateInvoice([], 0.1)
    expect(result.total).toBe(0)
  })
})

Detection

ID: ai-slop-test-theater.coverage-reality.critical-paths-have-tests
Severity: critical
What to look for: Walk source files for critical paths: any file under lib/auth*, lib/payment*, lib/billing*, lib/stripe*, lib/checkout*, app/api/auth/, app/api/checkout/, app/api/payments/, app/api/billing/, app/api/webhooks/stripe/, app/api/webhooks/clerk/. Count all critical source files. For each, verify a corresponding test file exists (same basename + .test.ts/.spec.ts, OR a file under __tests__/ referencing the source file by import path, OR an E2E test under tests/e2e/ or e2e/ that imports/references the file or its route).
Pass criteria: 100% of critical source files have at least 1 corresponding test reference. Report: "X critical source files inspected, Y with tests, 0 untested."
Fail criteria: At least 1 critical source file has no test reference.
Skip (N/A) when: Project has 0 critical source files (no auth/payment/webhook files detected).
Cross-reference: For deeper code coverage analysis, the Code Quality Essentials audit (code-quality-essentials) covers test-presence and coverage thresholds.
Detail on fail: "2 untested critical files: src/lib/billing.ts (no tests/billing.test.ts, no __tests__/billing.test.ts), src/app/api/checkout/route.ts (no test reference)"

Remediation: Untested critical paths means a small refactor can silently break payments. Add at least 1 test per critical file:

// tests/billing.test.ts
import { calculateInvoice } from '@/lib/billing'

describe('calculateInvoice', () => {
  it('sums line items with tax', () => {
    const invoice = calculateInvoice([{ price: 100, qty: 2 }], 0.1)
    expect(invoice.subtotal).toBe(200)
    expect(invoice.tax).toBe(20)
    expect(invoice.total).toBe(220)
  })
})

Critical source files have at least one corresponding test

Why it matters

Severity rationale

Remediation

Detection

External references

Taxons

History

Critical source files have at least one corresponding test

Why it matters

Severity rationale

Remediation

Detection

External references

Taxons

History